|Summary:||<sys-kernel/gentoo-sources-4.4.19 are affected by CVE-2016-4913 and CVE-2016-3713|
|Product:||Gentoo Security||Reporter:||Pacho Ramos <pacho>|
|Component:||Kernel||Assignee:||Gentoo Kernel Security <security-kernel>|
|Severity:||normal||CC:||andrzej.pauli, kernel, limanski, marci_r|
|Package list:||Runtime testing required:||---|
|Bug Depends on:||591810|
Description Pacho Ramos 2016-05-21 11:10:38 UTC
I was trying to find out whether the Fedora people were able to backport the fixes for bug 583522 in Fedora 22, but I couldn't find it :( At least I found that any version before 4.4.11 is vulnerable to, at least, the two CVEs I list in the summary; hence, maybe it would be interesting to stabilize 4.4.11. Thanks
Comment 1 Mike Limansky 2016-06-25 21:50:05 UTC
And the kernels before 4.4.14 are affected by CVE-2016-4997. (http://www.openwall.com/lists/oss-security/2016/06/24/5)
Comment 2 Mike Limansky 2016-07-09 19:28:50 UTC
I've been using 4.4.14 for a week on a working laptop. No issues found compared with the current stable 4.4.6. Are there any blockers for this security bug?
Comment 3 Pacho Ramos 2016-08-21 09:38:30 UTC
Well, there have been many more security fixes since I reported this... probably the best idea would be to stabilize 4.4.19 when it lands in the tree.
Comment 4 Andreas Sturmlechner 2016-08-21 14:41:19 UTC
4.4.19 is in tree since yesterday. Regressions do happen, but very rarely at that stage of LTS, so I guess stabilising it is not unreasonable.
Comment 5 Mike Limansky 2016-09-23 15:31:32 UTC
I've been using 4.4.19 for a month on amd64. No issues compared to 4.4.6 have been observed.